Cherie Anderson runs a travel company
in southern California, and she’s convinced the federal government is
reading her emails. But she’s all right with that.
“I assume it's part of the Patriot Act and I really don't mind,” she says. “I figure I'm probably boring them to death.”
It's likely Anderson is not alone in her
concerns that the government may be monitoring what Americans say,
write, and read. And now there may be even more to worry about: a newly
revealed security research project called PRODIGAL -- the Proactive
Discovery of Insider Threats Using Graph Analysis and Learning -- which
has been built to scan IMs, texts and emails . . . and can read
approximately a quarter billion of them a day.
“Every time someone logs on or off, sends an
email or text, touches a file or plugs in a USB key, these records are
collected within the organization,” David Bader, a professor at the
Georgia Tech School of Computational Science and Engineering and a principal investigator on the project, told FoxNews.com.
PRODIGAL scans those records for behavior --
emails to unusual recipients, certain words cropping up, files
transferred from unexpected servers -- that changes over time as an
employee "goes rogue." The system was developed at Georgia Tech in
conjunction with the Defense Advanced Research Projects Agency (DARPA),
the Army's secretive research arm that works on everything from flying
cars to robotic exoskeletons.
Initially, PRODIGAL will scan only the
communications of military volunteers and people who work in federal
agencies. But the very existence of such a project is sure to unnerve
citizens like Anderson. Is the government reading my emails? Are they
already monitoring me?
"Some people say it's one step further
toward a police state," said Anthony Howard, a book author and security
expert who has consulted for the Department of Homeland Security.
But Bader and other experts are quick to
dismiss the idea that PRODIGAL could be used to monitor everyone in
America. The scans work only on internal systems, they say -- not across
the entire Internet. And the experts say such a project is long
overdue: by monitoring for "anomalies" and predicting extreme behavior,
catastrophes can be prevented, such as a soldier in good mental health
becoming homicidal or a government employee sharing key classified
information.
“Today, an analyst may receive tens of thousands of 'anomalies' per day, where an anomaly is an unexplained event,” Bader said.
The new system is designed to aid analysts in processing those anomalies. And it's not alone.
Bader equated the PRODIGAL system to Raytheon SureView, an internal
scanning system that looks for suspicious activity and alerts federal
agencies about possible threats. Another system is the Einstein project,
which was developed after 9/11 and scans government employees for key
words and links suspicious activity to National Security Agency
databases.
But PRODIGAL scans vastly more data than
those systems: as much as a terabyte or more per day, what Georgia Tech
described as "massive data sets."
PRODIGAL is part of an existing DARPA
security project called Anomaly Detection at Multiple Scales (ADAMS),
which was announced earlier this year. Details about how ADAMS works are
not widely known; Georgia Tech's recent announcement is one of the
first reports to explain how these detection engines work.
According to Bader, PRODIGAL uses complex "graph-processing" algorithms
to analyze threats and piece together a jigsaw puzzle of communications.
The system then ranks the unusual activity before feeding the most
suspicious threats to agents.
Cyber-security expert Joseph Steinberg, CEO of Green Armor Solutions,
said ADAMS is unique in that it scans through a massive stream of data.
He says the new project, which will take about two years to develop and
will cost $9 million, will be more effective at analyzing threats and
determining if they are valid.
But the issue is not the scanning technology
itself; it’s how the information is interpreted -- and whether it
ultimately helps at all, Howard told FoxNews.com.
"Since there is no real data publicly
available to substantiate that any of this technology is preventing
terrorist attacks or strengthening our borders from within, [we can't]
really say definitively that this technology is doing any good," he
said.
The challenge, he said, is that criminals
and terrorists often use multiple channels of communication, some
encrypted -- and know how to avoid existing detection systems.
Nevertheless, PRODIGAL’s ability to scan
reams of data is clearly the next step in tracking unusual activity, and
it’s guaranteed to raise a red flag for Anderson and others.
"Since people tend to be imperfect, the data captured can easily be mishandled. Where does it end?" Howard said.